You are here: Home / Documentation / How To's / How to fix the error "You are not allowed to access '@@at_base_edit_view' in this context"

How to fix the error "You are not allowed to access '@@at_base_edit_view' in this context"

by nguyen — published Oct 13, 2011 04:55 PM, last modified Aug 16, 2016 10:50 AM
!@#$@ ZMI

The error

I had a report of "Insufficient privileges" error.

Capturing the detailed error message

I logged into the site, went to the error_log, either via http://abc.com/error_log/manage_main or via Site Setup -> Errors http://abc.com/prefs_error_log_form), added a "#" in front of the Unauthorized "Ignored exception types", pressed Save.

Then I asked the user to do again what they did to get the error.

The error log showed this error:


Traceback (innermost last):
  Module ZPublisher.Publish, line 119, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 42, in call_object
  Module Products.CMFPlone.FactoryTool, line 376, in __call__
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 42, in call_object
  Module Products.CMFFormController.FSControllerPageTemplate, line 90, in __call__
  Module uwosh.filariasis.patches, line 25, in _call
  Module Shared.DC.Scripts.Bindings, line 313, in __call__
  Module Products.PloneHotfix20110531, line 106, in _patched_bindAndExec
  Module Shared.DC.Scripts.Bindings, line 350, in _bindAndExec
  Module Products.CMFCore.FSPageTemplate, line 216, in _exec
  Module Products.CacheSetup.patch_cmf, line 48, in FSPT_pt_render
  Module Products.CacheSetup.patch_cmf, line 120, in PT_pt_render
   - Warning: Macro expansion failed
   - Warning: exceptions.KeyError: 'macro'
  Module zope.tal.talinterpreter, line 271, in __call__
  Module zope.tal.talinterpreter, line 346, in interpret
  Module zope.tal.talinterpreter, line 891, in do_useMacro
  Module zope.tal.talinterpreter, line 346, in interpret
  Module zope.tal.talinterpreter, line 586, in do_setLocal_tal
  Module zope.tales.tales, line 696, in evaluate
   - URL: file:/opt/Plone-3.2.1r3/buildout-cache/eggs/Products.Archetypes-1.5.10-py2.4.egg/Products/Archetypes/skins/archetypes/base_edit.cpt
   - Line 1, Column 0
   - Expression: <PathExpr standard:u'context/@@at_base_edit_view'>
   - Names:
      {'container': <PloneSite at /sites3/english1>,
       'context': <ATFile at /sites3/english1/english-department-minutes/2011-2012-academic-year/portal_factory/File/file.2011-10-13.7887164145 used for /sites3/english1/english-department-minutes/2011-2012-academic-year>,
       'default': <object object at 0x2abea609d200>,
       'here': <ATFile at /sites3/english1/english-department-minutes/2011-2012-academic-year/portal_factory/File/file.2011-10-13.7887164145 used for /sites3/english1/english-department-minutes/2011-2012-academic-year>,
       'loop': {},
       'nothing': None,
       'options': {'args': (),
                   'state': <Products.CMFFormController.ControllerState.ControllerState object at 0x2aaabcee40d0>},
       'repeat': <Products.PageTemplates.Expressions.SafeMapping object at 0x167cd878>,
       'request': <HTTPRequest, URL=http://plonedev.uwosh.edu/english1/english-department-minutes/2011-2012-academic-year/portal_factory/File/file.2011-10-13.7887164145/atct_edit>,
       'root': <Application at >,
       'template': <FSControllerPageTemplate at /sites3/english1/atct_edit used for /sites3/english1/english-department-minutes/2011-2012-academic-year/portal_factory/File/file.2011-10-13.7887164145>,
       'traverse_subpath': [],
       'user': <PloneUser 'apitzb40'>}
  Module zope.tales.expressions, line 217, in __call__
  Module Products.PageTemplates.Expressions, line 153, in _eval
  Module zope.tales.expressions, line 124, in _eval
  Module Products.PageTemplates.Expressions, line 80, in boboAwareZopeTraverse
  Module OFS.Traversable, line 301, in restrictedTraverse
  Module OFS.Traversable, line 195, in unrestrictedTraverse
   - __traceback_info__: ([], '@@at_base_edit_view')
Unauthorized: You are not allowed to access '@@at_base_edit_view' in this context

Digging around in the folder's @@sharing tab, I couldn't see any problem in the way the roles had been granted to the group this user was a member of.

The problem is found and fixed

However I did see a problem in the ZMI's Security tab: the Acquire checkbox was unchecked for the folder in question and its parent folder, for the "Manage portal content" permission.

I suspect someone with Administrator role made that change.  

I re-checked the Acquire box for that permission in that folder and its parent folder (and pressed the Save button), then the user was able to proceed with adding a file, without error.

ZMI Security tab changes are a big no no!  Bad bad BAD site administrator.  This is why UW Oshkosh no longer grants Administrators group membership by default to anyone except campus server admins... we use our homegrown uwosh.policy.siteowner product (and now Plone 4.1 has an equivalent role and group).

Resetting the error log

Don't forget to remove the "#" in front of the Unauthorized exception, otherwise your site will run more slowly as it captures those errors instead of ignoring them.

 
Navigation